{"id":350,"date":"2014-10-17T13:59:31","date_gmt":"2014-10-17T11:59:31","guid":{"rendered":"https:\/\/hitco.at\/blog\/?p=350"},"modified":"2015-11-07T20:51:30","modified_gmt":"2015-11-07T19:51:30","slug":"apache-ssl-configuration","status":"publish","type":"post","link":"https:\/\/hitco.at\/blog\/apache-ssl-configuration\/","title":{"rendered":"Apache 2.4 SSL web server configuration"},
"content":{"rendered":"<p>Giving a web server a current, robust SSL configuration can take a testing effort that should not be underestimated. Here are my notes on the configuration of an Apache 2.4 web server that I carried out today:<\/p>\n<ul>\n<li>Based on the current <a href=\"http:\/\/releases.ubuntu.com\/14.04\/\" target=\"_new\">Ubuntu 14.04<\/a><\/li>\n<li>Certificate from <a href=\"https:\/\/startssl.com\" target=\"_new\">StartSSL.com<\/a> (free of charge, RSA 4096 bit, SHA256)<\/li>\n<li>SSL vhost configuration modelled on the <a href=\"https:\/\/bettercrypto.org\" target=\"_new\">bettercrypto.org<\/a> hardening guide<\/li>\n<\/ul>\n<blockquote>\n<pre>SSLEngine on\nSSLProtocol All -SSLv2 -SSLv3\nSSLHonorCipherOrder On\nSSLCompression off\nSSLUseStapling On\nHeader add Strict-Transport-Security \"max-age=15768000 ; includeSubDomains\"\n\nSSLCipherSuite '-ALL:EECDH+aRSA+AES:EDH+aRSA+AES:aRSA+kRSA+AES:+AES256'\n\nSSLCertificateFile      \/etc\/ssl\/certs\/it-sec.ovh.crt\nSSLCertificateKeyFile   \/etc\/ssl\/private\/it-sec.ovh.key\n\nSSLCertificateChainFile \/etc\/ssl\/certs\/startssl.chain.crt\n<\/pre>\n<\/blockquote>\n<ul>\n<li>Enabling OCSP stapling additionally requires an entry in \/etc\/apache2\/mods-enabled\/ssl.conf:<\/li>\n<\/ul>\n<blockquote>\n<pre>SSLStaplingCache shmcb:${APACHE_RUN_DIR}\/stapling_cache(128000)<\/pre>\n<\/blockquote>\n<h3>Cipher suites used<\/h3>\n<p>Compared with the cipher suite proposed by BetterCrypto.org, I made changes in order to:<\/p>\n<ol>\n<li>Prefer all ephemeral ECDH key agreement variants over the ephemeral DH variants (performance!)<\/li>\n<li>Thereby (with ECDH ranked first) also support Java 1.7, because the DH variants that appear at the beginning of the BetterCrypto.org cipher suite use DH parameters &gt;1024 bit, which Java 1.7 refuses.<\/li>\n<li>Remove Camellia: all relevant clients prefer AES anyway, so it would never be negotiated.<\/li>\n<li>Rank AES128 ahead of AES256, since AES256 brings no additional security that matters in practice (performance!).<\/li>\n<li>Use a clearer and therefore more easily maintainable cipher string.<\/li>\n<\/ol>\n<p>With OpenSSL 1.0.1f, the cipher suite above yields the following ordered list:<\/p>\n<blockquote>\n<pre>CipherSuite                 KeyEx Enc         Mac\nECDHE-RSA-AES128-GCM-SHA256 ECDH  AES128-GCM  AEAD\nECDHE-RSA-AES128-SHA256     ECDH  AES128      SHA256\nECDHE-RSA-AES128-SHA        ECDH  AES128      SHA1\nDHE-RSA-AES128-GCM-SHA256   EDH   AES128-GCM  AEAD\nDHE-RSA-AES128-SHA256       EDH   AES128      SHA256\nDHE-RSA-AES128-SHA          EDH   AES128      SHA1\nAES128-GCM-SHA256           RSA   AES128-GCM  AEAD\nAES128-SHA256               RSA   AES128      SHA256\nAES128-SHA                  RSA   AES128      SHA1\nECDHE-RSA-AES256-GCM-SHA384 ECDH  AES256-GCM  AEAD\nECDHE-RSA-AES256-SHA384     ECDH  AES256      SHA384\nECDHE-RSA-AES256-SHA        ECDH  AES256      SHA1\nDHE-RSA-AES256-GCM-SHA384   EDH   AES256-GCM  AEAD\nDHE-RSA-AES256-SHA256       EDH   AES256      SHA256\nDHE-RSA-AES256-SHA          EDH   AES256      SHA1\nAES256-GCM-SHA384           RSA   AES256-GCM  AEAD\nAES256-SHA256               RSA   AES256      SHA256\nAES256-SHA                  RSA   AES256      SHA1\n\nECDH = Ephemeral Elliptic curve Diffie-Hellman\nEDH  = Ephemeral Diffie-Hellman\nGCM  = Galois\/Counter Mode, which also provides AEAD\nAEAD = Authenticated Encryption with Associated Data<\/pre>\n<\/blockquote>\n<p>All cipher suites are authenticated with RSA. Forward secrecy is provided by ECDH and EDH. Which cipher suite specific clients end up using is shown in the following figure:<\/p>\n<figure class=\"wp-caption aligncenter\"><img src=\"https:\/\/hitco.at\/blog\/wp-content\/gallery\/ssllabs-com-testing-it-sec-ovh\/ssllabs_com_Client-Handshake-Simulation_it-sec_ovh.png\" alt=\"ssllabs.com Client-Handshake Simulation\" \/><figcaption class=\"wp-caption-text\">ssllabs.com Client-Handshake Simulation<\/figcaption><\/figure>\n<p>As the simulation produced with <a title=\"SSL-Labs.com\" href=\"http:\/\/ssllabs.com\" target=\"_blank\">ssllabs.com<\/a> shows, all clients relevant today thus use forward secrecy together with AES128, which is both fast and secure. Supporting old, unpatched Windows XP with IE6\/IE8 now appears obsolete, so this limitation is acceptable.<\/p>\n<h3>StartSSL certificate chain<\/h3>\n<p>That leaves the question of what startssl.chain.crt contains:<\/p>\n<p>StartSSL does offer SHA256 certificates, but unfortunately the default intermediate certificate is only SHA1. StartSSL has meanwhile also provided a SHA256 intermediate certificate, which is however quite well hidden. You will find it under <a title=\"StartSSL root and intermediate certificates\" href=\"https:\/\/www.startssl.com\/certs\/\" target=\"_blank\">https:\/\/www.startssl.com\/certs\/<\/a>: <a href=\"https:\/\/www.startssl.com\/certs\/class1\/sha2\/der\/sub.class1.server.sha2.ca.crt\" target=\"_blank\">https:\/\/www.startssl.com\/certs\/class1\/sha2\/der\/sub.class1.server.sha2.ca.crt<\/a>. It is also advisable to add the cross certificate (which &#8220;links&#8221; the new and old root certificates) to the chain: <a href=\"https:\/\/www.startssl.com\/certs\/ca-cross-sha2.pem\" target=\"_blank\">https:\/\/www.startssl.com\/certs\/ca-cross-sha2.pem<\/a><\/p>\n<p>From these two certificates we build a PEM-encoded <a href=\"https:\/\/hitco.at\/blog\/apache-ssl-configuration\/startssl-chainsha256\/\" rel=\"attachment wp-att-363\">startssl.chain (sha256)<\/a> that contains only SHA256 certificates.<\/p>\n<h3>Testing the result<\/h3>\n<p>The demo website I set up can be found here: <a title=\"IT-Security Demo WebSite\" href=\"https:\/\/it-sec.ovh\/\">https:\/\/it-sec.ovh\/<\/a><\/p>\n<p>Tested with the <a href=\"https:\/\/www.ssllabs.com\/ssltest\/\" target=\"_new\">SSL Labs SSL Server Test<\/a><\/p>\n<figure id=\"attachment_354\" aria-describedby=\"caption-attachment-354\" style=\"width: 815px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-354 size-full\" src=\"https:\/\/hitco.at\/blog\/wp-content\/uploads\/ssllabs_com_ssltest_it-sec_ovh_summary.png\" alt=\"SSL Labs SSLTest it-sec.ovh\" width=\"815\" height=\"513\" srcset=\"https:\/\/hitco.at\/blog\/wp-content\/uploads\/ssllabs_com_ssltest_it-sec_ovh_summary.png 815w, https:\/\/hitco.at\/blog\/wp-content\/uploads\/ssllabs_com_ssltest_it-sec_ovh_summary-300x188.png 300w\" sizes=\"auto, (max-width: 815px) 100vw, 815px\" \/><figcaption id=\"caption-attachment-354\" class=\"wp-caption-text\">SSL Labs SSLTest it-sec.ovh<\/figcaption><\/figure>\n","protected":false},
"excerpt":{"rendered":"<p>Giving a web server a current, robust SSL configuration can take a testing effort that should not be underestimated. Here are my notes on the configuration of an Apache 2.4 web server that I carried out today: Based on the current Ubuntu 14.04 Certificate from StartSSL.com (free of charge, RSA 4096 bit, SHA256) SSL vhost configuration modelled on the bettercrypto.org hardening guide SSLEngine on SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCompression off SSLUseStapling&#8230; <\/p>\n","protected":false},
"author":1,"featured_media":354,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"gallery","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[3,4,13],"tags":[],"class_list":["post-350","post","type-post","status-publish","format-gallery","has-post-thumbnail","hentry","category-it","category-security","category-server","post_format-post-format-gallery"],
"_links":{"self":[{"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/posts\/350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/comments?post=350"}],"version-history":[{"count":35,"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/posts\/350\/revisions"}],"predecessor-version":[{"id":486,"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/posts\/350\/revisions\/486"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/media\/354"}],"wp:attachment":[{"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/media?parent=350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/categories?post=350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hitco.at\/blog\/wp-json\/wp\/v2\/tags?post=350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}